Analysis
max time kernel: 120s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-07-2024 05:28
Static task: static1
Behavioral task: behavioral1
Sample: 98ba5529ed7feab78d0f98283f1d25e0N.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 98ba5529ed7feab78d0f98283f1d25e0N.exe
Resource: win10v2004-20240709-en
General
Target: 98ba5529ed7feab78d0f98283f1d25e0N.exe
Size: 43KB
MD5: 98ba5529ed7feab78d0f98283f1d25e0
SHA1: e11b4c5acf0539b4b407b0095279ab3437df9dad
SHA256: 56b983417274ab52f6590fa674621051d24e8f2dd68943ed8a21ee016367187f
SHA512: 7ac3dda47a144afe79f7b6a30a9c22039c705edffff10c6dc52f240d9e742161db302294fc3c67b9afef7d6b6d035292dec56a8e293eadf9a56c966508281b29
SSDEEP: 768:W7BlpppARFbhjbhg42LcfpR42LcfpRo+fOiJbfo+fOiJbCk8t8QPF:W7ZppApBULcfpHLcfp/ZeLPF
Malware Config
Signatures
-
Renames multiple (2308) files with an added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Process: 98ba5529ed7feab78d0f98283f1d25e0N.exe)
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 43KB
MD5: 044f422da04bdeeb8ada180a6c490102
SHA1: 8ed1b65ba2e486a1505bf5bf96fc0b5b5639273c
SHA256: a9862e2f3ca80077cb3a5363205ef77123df3084d9e08ac3409031d4bc645cfd
SHA512: c1a06e58f5f695cfd18bca839417bbcac52b9487d738e5ebb966ed978f81a8a247a8f2cda1552f789de40899daaccc8320874b1277a63c5d7f758c82a01689af
-
Filesize: 142KB
MD5: 320cb44293dce04284c5b58fd1a94391
SHA1: a155d854434a8c04dcc8240791a6a0b447246a0a
SHA256: db700be0c6bf74399b4dde282716d316d93bc57ef3176638ae50efb0ba9f21b1
SHA512: 8cd7ca593d1cda414876330deff1f760d3a0aad6b957a0210615b654356f36331234bc0525c349cdd5bb502245a1d60d66587ddb7e4d8f3a6cf34f86e4019166